The two biggest tech and science stories of the past week were the brutal hacking of Wired reporter Mat Honan's digital life and the exhilarating arrival of NASA's Curiosity rover on the surface of Mars. So here at PCMag, we decided to combine those two stories into one Google-friendly gob of geeky goodness.

That's right, folks, we're going to tell you how to hack the Mars rover.

First, a disclaimer: We don't recommend anybody actually try this. Let science do its thing, people! Nor do we believe we're giving anybody a bright idea just by performing this technical exercise. As we found out after talking to several hackers, crackers, and security pros, the resources required to pull this off are prohibitivethe folks with the actual resources required to compromise Curiosity (*cough* China *cough*) don't need our cobbled-together advice on how to do it.

In other words, a state-backed actor could maybe take over NASA's planetary crawler, but the script kiddies are pretty much SOL here. We are exceedingly unlikely to see "We Are Legion" transmitted by Curiosity as its last act before driving off a cliff while IRC explodes with lulz.

With that said, let's hack the rover!

The Hard Way
The first thing we learned is that hacking Curiosity itself across 352 million miles of interplanetary vacuum is almost certainly the wrong approach to this task. Much better to try to sneak into NASA's own control systems here on Earth, which AlienVault research team engineer Conrad Constantine described as "the weakest, most inexpensive link in all of this."

More on that later. For funsies, here's what Constantine had to say about the hurdles you'd have to overcome to start pinging Curiosity with diabolical contra-NASA instructions:

You would have to be able to transmit an X-Band radio signal at peak 400 kilowatts to reach the Mars rover. Considering you need something that can do 400,000 watts to even have a fighting chance of overriding NASA's own control signal and you can begin to see that it's a pretty serious cost-of-entry to play in this game."

It is probably N-WAY QPSK encoding and you'd have to match that (this is similar to the encoding they use for satellite TV). Difficult, but not impossible. All this stuff would take a good amount of time and observation. Plus you'd want to capture NASA's own transmissions to the rover. That could be toughthey're pretty damn directional."

There's a massive amount of forward-error correction going on as wellremember that Curiosity is receiving queued-up commands from NASA's orbital transponders over low-bandwidth X-BAND uhf (8ghz). This gets into similar territory as TCP/IP spoofing, where you have to predict what the rover is expecting next. Unless you could intercept the directional transmission from the orbital transponders, you're just guessing what state the communications are in.

One hint at just how tough it might be to penetrate the rover's security barriers came by way of a brief story on Space.com earlier this year detailing how the Curiosity team remotely fixed a register glitch in the rover's memory cache, noted Dmitri Alperovitch, co-founder and CTO of CrowdStrike.

"They are updating the software on the rover all the time," said Alperovitch. What's more, these aren't just automated updates like the kind your PC gets on Patch Tuesdays. You have to believe the Curiosity team at NASA's Jet Propulsion Lab (JPL) has a pretty intimate relationship with the rover's systems, making it very tough to sneak a malicious payload by the many engineers who are currently checking up on their baby more obsessively than a D-list celebrity refreshes his Twitter feed.

The Slightly Less Hard Way
So if not a direct assault on NASA's core software, what next? F-Secure security advisor Sean Sullivan suggested an alternative.

"I'm afraid that I don't know enough about the actual code and systems used to come up with much, but for a 'far out' scenario in which money is not an object, I'd backdoor some of the [third-party] technology on board," he said.

Sullivan pointed to pressure and humidity sensors on Curiosity supplied by the Finnish Meteorological Institute. "Perhaps not all is as it seems" with those possible poison pills, he noted archly, shocking us for a moment before we recalled that F-Secure is headquartered in Helsinki and laughed at the inside joke.

In fact, it seems unlikely that NASA's vetting of tech supplied by mission partners like the Finns would have allowed a backdoor access point onto the rover. What's a lot more troubling, to paraphrase Donald Rumsfeld, are the unknown knowns about what makes Curiosity tick that may be out there.

Earlier this year, NASA Inspector General Paul Martin briefed Congress on the "the loss or theft of 48 Agency mobile computing devices" between April 2009 and April 2011 and "5,408 computer security incidents [in 2010 and 2011] that resulted in the installation of malicious software on or unauthorized access to [NASA] systems."

Yikes? The loss of sensitive data on Curiosity wasn't specifically mentioned in Martin's report, which identified "ISS command algorithms" and data related to NASA's Orion deep space capsule as among the losses to unknown actors in recent years, but stillyikes.

The Scarily Possible Way
As mentioned, a brute force takeover of Curiosity isn't as attractive a prospect as trying to infiltrate the Earthside signaling operation.

"Really though, the only viable way to do this on a budget would be to take control of NASA's own control systems. That's the weakest, most inexpensive link in all of this and NASA has the only existing, viable communications setup to the Rover. You'd have to get control of that, without them noticing," said AlienVault's Constantine.

"What you have here is a very moist attack surface, it's saturated with existing comms that you would have to intercept, predict and hijack. Going after the existing control system is likely the most porous point of attack."

CrowdStrike's Alperovitch concurred, but wondered if "the most sophisticated actors capable of this would have the motive" to try to hijack a scientific mission that basically stands to benefit all humankind. That didn't stop him from playing the guessing game, of course.

"Imagine if hackers were able to get access to the systems operating NASA's Deep Space Networkthe one that is responsible for radio communications with the rover and other interplanetary objects. Then you would be able to send instructions to the rover and even destroy it by driving it into a rock, for example. Theoretically, you could also upgrade its firmware to no longer accept instructions from NASA so that you would be the sole operator," he mused.

Farfetched? Not as much as you might think.

Several sources pointed to reports that U.S. government satellites were compromised at least four times in 2007 and 2008, possibly at the hands of Chinese computer hackers with ties to the country's military, as well as allegations by Russian space agency officials that cyber-skullduggery was responsible for the failure of the Phobos-Grunt probe last year, as evidence that this sort of thing is well within the realm of possibility.

All that said, maybe the bluntest way to compromise Curiosity would be to plant a mole in JPL itself. And all we can say to that scenario is, stay vigilant, Mohawk Guy!

Damon Poeter got his start in journalism working for the English-language daily newspaper The Nation in Bangkok, Thailand. He covered everything from local news to sports and entertainment before settling on technology in the mid-2000s. Prior to joining PCMag, Damon worked at CRN and the Gilroy Dispatch. He has also written for the San Francisco Chronicle and Japan Times, among other newspapers and periodicals.
More »

Automatic Renewal Program: Your subscription will continue without interruption for as long as you wish, unless
you instruct us otherwise. Your subscription will automatically renew at the end of the term unless you authorize
cancellation. Each year, you'll receive a notice and you authorize that your credit/debit card will be charged the
annual subscription rate(s). You may cancel at any time during your subscription and receive a full refund on all
unsent issues. If your credit/debit card or other billing method can not be charged, we will bill you directly instead. Contact Customer Service